Remote Work CyberSecurity
Remote work has been gaining popularity across businesses of all sizes. It provides flexibility to colleagues and opens up companies to a workforce without limits to city, state, or even country. While the ability to work remote offers convenience for staff and a nice perk to provide prospects with, there are times when your staff will need to work remotely out of necessity.
As flu season continues, many companies are encouraging colleagues to stay home if they feel sick to reduce the chances of the entire office falling ill. While flu season is top of mind, it’s not the only time when a workforce will need to work remotely. Natural disasters and other unexpected circumstances that would keep your staff away from the office can be handled with a remote workforce.
Download Our Sample Remote Work Policy to Get Your Clients’ Remote Workforce Ready. Get My Template >>
As a technology solution provider (TSP), it’s your responsibility to prepare your clients and their colleagues to not only work remotely but to do it securely. You may have clients who have never had a remote workforce, but situations may require them to pivot in this direction, and you need to prepare to set clients up and support their new needs.
Security Awareness Training
Beyond the latest security tools and solutions, your most powerful defense against cyberthreats and building a secure remote workforce is the end users themselves. To get them to become more security-minded, your clients need to take security awareness training. You may be conducting security awareness training quarterly, or even annually, but you need to get ahead of this and do training now. Give them advice on what to be diligent about regarding attacks targeting remote workers, like phishing scams, fraudulent VPN messages, and more.
A common tactic for bad actors is to capitalize on issues or events that trigger a gut response, like fear, in the reader. Email subject lines like ‘Corona News Flash’ or ‘X New Cases in (Insert City Here)’ stoke the flames of uneasiness and try to get a user to click without investigating if the email is even credible.
There are easy ways for an end user to spot a phishing email, and your security awareness training will get them to take a few seconds to look for them before taking the next action on an email.
Access to Mission-Critical Applications and Documents
For your clients to do their jobs while away from the office, they need access to applications and documents. If they are using a company-provided device, they may have most of what they need on their machine. If not, do they have access to documents in the cloud that are critical to their job function? Putting important documents and applications in the cloud will require secure policies for how to access them like audit trails, prohibited access to non-essential areas, permission-based roles, and more.
With access to important documents and applications established, you need to ensure that their connections are secure. Installing a secure VPN is a direct link to client servers, but more security should be implemented. Two-factor authentication (2FA) is an extra layer of security that requires the end user to enter a second form of authentication, like a code sent to their phone, to gain access to servers or other applications.
Enforcing better password protection practices are needed when more clients are working remotely. Not everyone will be working from home. They may go to a coffee shop or other public area, increasing the chances of their passwords to be stolen if they are not careful. Simple practices like not storing passwords to browsers and instead using a password vault can make it more difficult for unauthorized users to gain access to their networks.
Establish Communication Systems
The obvious drawback of remote work is the inability for clients to have face-to-face interactions with their colleagues. As technology has advanced, the once high barriers of long-distance communication and collaboration have been taken down. To keep teamwork alive and well for your clients and their remote workforce, setting up secure and reliable communication systems are crucial.
- Secure Access to Voice and Phone Systems
Provide your clients with explicit instructions on how to access these systems and provide a hotline to call someone to help if it’s not working appropriately.
- Work vs. Personal Email
Are your clients and their colleagues able to access their work emails outside of the doors of your business? Do you have their email server set up in the cloud to allow for business continuity in the event of a remote work scenario? Have that set up and in place so that their teams can communicate as if they were in the office and wouldn’t have to use their personal email to communicate with you or, worse, your clients.
- Implement Chat Functionality
Chat programs like Slack, Microsoft® Teams, or Cisco® Webex Teams™ are great ways for your clients to communicate in real time with colleagues wherever they may be. Pick a tool that can set up team spaces so they can segment certain colleague groups as needed.
- Remote Meetings
The chat programs you implement will allow for video conferencing, so clients won’t miss a beat with meetings. Encourage them to implement a camera-on policy so they can have the same face-to-face touchpoints they would have if everyone were in the office. Send out meeting agendas ahead of time so everyone can prepare and stay focused.
Company-Owned or Bring Your Own Device (BYOD)
To maintain a secure remote work situation, you need to determine what devices your clients are going to use. Are you going to provide them with laptops and monitors? Do you need to issue company phones with secure lines of communication? If this is your plan, you need to figure out how to distribute the devices, so they can have them before being out of the office.
Another option is to allow them to use their own devices, including computers, tablets, and mobile devices. This comes with a lot of risks since you don’t know what is on the devices, how they use them, and other potential security problems. If you let them use their own devices, you need to implement policies around device usage on your networks, what documents they can and can’t download or store on their devices, and how to securely connect to the internet and your network.
Create a Policy for Remote Workers
Putting remote work policies in place are necessary steps to ensure your clients understand what they need to do to maintain a secure remote work environment. They also show they are meeting state and federal compliance standards when handling sensitive client information when their colleagues are away from the office.
Accommodate Staff That Needs to Be On-Site
Remind your clients that unless being in the office or going to a client site is absolutely necessary, they should use technology to their advantage at all times. The communication systems mentioned earlier eliminate a lot of client visits that could have been a video or phone call.